Change logs for icedove source package in Jessie

icedove (1:52.3.0-4~deb8u2) jessie-security; urgency=medium

  [ Guido Günther ]
  * [6214253] Simplify endianess selection for ICU

 -- Carsten Schoenert <email address hidden>  Sun, 10 Sep 2017 15:51:52 +0200

icedove (1:45.8.0-3~deb8u1) jessie-security; urgency=medium

  [ Carsten Schoenert ]
  * New upstream version 45.8.0:
    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
    CVE-2017-5401: Memory Corruption when handling ErrorResult
    CVE-2017-5402: Use-after-free working with events in FontFace objects
    CVE-2017-5404: Use-after-free working with ranges in selections
    CVE-2017-5407: Pixel and history stealing via floating-point timing side
                   channel with SVG filters
    CVE-2017-5410: Memory corruption during JavaScript garbage collection
                   incremental sweeping
    CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
    CVE-2017-5405: FTP response codes can cause use of uninitialized values
                   for ports
    CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8
    CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
    CVE-2017-5376: Use-after-free in XSL
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
    CVE-2017-5380: Potential use-after-free during DOM manipulations
    CVE-2017-5390: Insecure communication methods in Developer Tools JSON
    viewer
    CVE-2017-5396: Use-after-free with Media Decoder
    CVE-2017-5383: Location bar spoofing with unicode characters
    CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7
  * debian/rules: don't set MOZ_APP_PROFILE in jessie or wheezy.
    We don't need a special diffrent default profile folder in jessie or
    wheezy. We will use always ~/.thunderbird in all available releases.
  * tb-wrapper: call thunderbird starting with exec

  [ Guido Günther ]
  * Register components in gbp.conf
  * Drop superfluous iceowl-l10n files
  * Copy-edit thunderbird-wrapper-helper.sh

 -- Guido Günther <email address hidden>  Sat, 15 Apr 2017 16:37:06 +0200

icedove (1:45.3.0-1~deb8u1) stable-security; urgency=medium

  [ Carsten Schoenert ]
  * [3cc29ee] Imported Upstream version 45.3.0
    - MFSA 2016-62 aka CVE-2016-2836

 -- Christoph Goehre <email address hidden>  Sun, 02 Oct 2016 11:36:16 -0400

icedove (1:45.2.0-1~deb8u1) stable-security; urgency=medium

  [ Carsten Schoenert ]
  * [411b27d] Imported Upstream version 45.2.0
    - MFSA 2016-49 aka CVE-2016-2818
  * [aeb5aee] debian/icedove.js: disable Icedove startup check
    (Closes: #817973)
  * [685b602] icedove-l10n-all: change Section into metapackages
    (Closes: #824785)

  [ Christoph Goehre ]
  * [2871800] rebuild patch queue from patch-queue branch
    added patches:
    - fixes/Bug-1277295-Remove-obsolete-reference-to-storage-service-.patch
    (Closes: #827592)

 -- Christoph Goehre <email address hidden>  Sun, 07 Aug 2016 10:55:46 -0400

icedove (38.8.0-1~deb8u1) stable-security; urgency=medium

  [ Guido Günther ]
  * [ee8dd49] Clarify relation between icedove and the calendar extensions
    (Closes: #809017)

  [ Christoph Goehre ]
  * [bac2d5b] Imported Upstream version 38.8.0
    - MFSA 2016-36 aka CVE-2016-1979
    - MFSA 2016-39 aka CVE-2016-2807, CVE-2016-2805

 -- Christoph Goehre <email address hidden>  Wed, 11 May 2016 19:26:19 -0400

icedove (31.8.0-1~deb8u1) stable-security; urgency=medium

  * [d427fea] Imported Upstream version 31.8.0
    - MFSA 2015-59 aka CVE-2015-2724
    - MFSA 2015-66 aka CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,
      CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740
    - MFSA 2015-70 aka CVE-2015-4000
    - MFSA 2015-71 aka CVE-2015-2721
  * [6516780] lintian: add override for libpng
  * [1c33ec2] build against internal libnss3

 -- Christoph Goehre <email address hidden>  Thu, 30 Jul 2015 10:28:32 -0400

icedove (31.7.0-1~deb8u1) stable-security; urgency=medium

  * [c3c81df] Imported Upstream version 31.7.0
    - MFSA 2015-46 aka CVE-2015-2708
    - MFSA 2015-47 aka CVE-2015-0797
    - MFSA 2015-48 aka CVE-2015-2710
    - MFSA 2015-51 aka CVE-2015-2713
    - MFSA 2015-54 aka CVE-2015-2716
  * [eb8cb5a] adjust gbp.conf for jessie-security branch

 -- Christoph Goehre <email address hidden>  Mon, 18 May 2015 18:42:47 -0400

icedove (31.6.0-1) unstable; urgency=medium


  * [c71fc00] Imported Upstream version 31.6.0
  * [e13a5a1] rebuild patch queue from patch-queue branch
    added patches:
    - porting/ppc-fix-divide-page-size-in-jemalloc.patch (Closes: #780404)

 -- Christoph Goehre <email address hidden>  Wed, 01 Apr 2015 18:59:32 -0400

icedove (31.5.0-1) unstable; urgency=low


  * [f0e7673] Imported Upstream version 31.5.0
  * [4bf64fa] rebuild patch queue from patch-queue branch
    modified patches:
    - p-kfree-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch

 -- Christoph Goehre <email address hidden>  Sun, 01 Mar 2015 18:04:13 -0500

icedove (31.4.0-2) unstable; urgency=low


  [ Christoph Goehre ]
  * [305b0fb] debian/icedove.desktop: correct StartupWMClass to 'Icedove'
    (Closes: #773876)
  * [8b4871a] rebuild patch queue from patch-queue branch
    added patches:
    - iceowl/adjust-calendar-google-provider-to-Google-Calendar-A.patch
      (Closes: #770008)
    - iceowl/get-rid-of-subdir-shim-in-gdata-provider.patch
    modified patches:
    - p-kfree-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch
    - p-kfree-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch
    - p-kfree-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
    - p-kfree-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
    - p-kfree-hurd/correcting-file-inclusion-for-kfreebsd-and-hurd.patch
  * [573c8bb] debian/rules: move some gdata modules into 'shim' subdir
  * [acf83d3] debian/icedove.desktop: add MimeType text/calendar
    (Closes: #762190)

  [ Carsten Schoenert ]
  * [cf73d7e] debian/README.Debian: adding note around HTTPS Everythere
    (Closes: #774790)

 -- Christoph Goehre <email address hidden>  Sat, 24 Jan 2015 19:03:28 -0500

icedove (31.3.0-1) unstable; urgency=low


  [ Carsten Schoenert ]
  * [679d70d] debian/source.filter: more files to ignore
  * [054b68a] debian/NEWS: fixing default SSL/TLS behavior description.
  * [b5acb03] debian/NEWS: adding notes around new security changes.

  [ Christoph Goehre ]
  * [e2572a7] Imported Upstream version 31.3.0
  * [10ce820] rebuild patch queue from patch-queue branch
    added patches:
    - debian/patches/FTBFS-armhf-fixing-ARM-CPU-detection.patch
    - debian/patches/fixing-various-FTBFS-due-different-datatype-char-beh.patch

 -- Christoph Goehre <email address hidden>  Thu, 04 Dec 2014 12:57:59 -0500

icedove (31.2.0-1) unstable; urgency=low


  * [ae54a5c] Imported Upstream version 31.2.0
  * [915864d] debian/NEWS: adding note around increased default TLS version 1.2
    (Closes: #761245)

 -- Christoph Goehre <email address hidden>  Thu, 23 Oct 2014 12:28:16 -0400

icedove (31.1.2-1) unstable; urgency=low


  [ Christoph Goehre ]
  * [ebaaee5] adjust gbp.conf to use upstream branch 'upstream-31.x'
  * [a041f0b] Imported Upstream version 31.1.2
  * [1daecd9] rebuild patch queue from patch-queue branch
    modified patches:
    - porting-kfreebsd-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch
    obsolete patches (fixed upstream):
    - porting-armel/FTBFS-armel-fixing-usage-int-on-ARM-audio-backend.patch
    - porting-armel/fix-skia-for-ARMv4.patch
  * [066505b] linitan: bump up standards version to 3.9.6

  [ Carsten Schoenert ]
  * [d17bf45] debian/gbp.conf: some instructions for git-dch
  * [0139cb2] README.source: let's use xz while creating the orig.tar.xz

 -- Christoph Goehre <email address hidden>  Fri, 10 Oct 2014 19:55:54 -0400

icedove (31.0-3) unstable; urgency=medium


  * [65ad797] icedove.postinst: remove obsolete symlink handling
    (Closes: #759502, #760012)
  * [e2b5f63] rebuild patch queue from patch-queue branch
    added patches:
    - debian-hacks/pass-OS_LDFLAGS-to-all-ldap-libraries.patch
    - porting-armel/FTBFS-armel-fixing-usage-int-on-ARM-audio-backend.patch
    modified patches:
    - porting-alpha/fix-FTBFS-on-alpha.patch

 -- Christoph Goehre <email address hidden>  Sun, 31 Aug 2014 16:30:57 -0700

icedove (24.5.0-2) unstable; urgency=low


  * [e4a43ed] debian/rules: remove duplicate LDFLAGS += -Wl,--stats
  * [f9dba4b] debian/rules: export all compiler flags into build environment
  * [8dc0712] debian/rules: run autoconf for all configue files
  * [95d4b48] debian/rules: export MOZCONFIG onces
  * [577bd03] debian/rules: update config.sub and config.guess before autoconf
    run
  * [7f958c7] parse DEB_BUILD_OPTIONS for how many parallel buildjobs to start
    (Closes: #746984)
  * [0f8b062] debian/rules: export MOZILLA_OFFICIAL
  * [1c3d277] run configure with --build and --host
  * [f190e19] don't build a shared js library (Closes: #724688, #729073,
    #745593)

 -- Christoph Goehre <email address hidden>  Thu, 08 May 2014 20:07:06 -0400

icedove (24.4.0-1) unstable; urgency=low


  * [a2b13c0] Imported Upstream version 24.4.0
  * [fd90463] rebuild patch queue from patch-queue branch
    added patches:
    - porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch
      (Closes: #741245)

 -- Christoph Goehre <email address hidden>  Sat, 22 Mar 2014 11:10:18 -0400

icedove (24.3.0-2) unstable; urgency=low


  [ Christoph Goehre ]
  * [122ffe9] remove ldif60 from pkgconfig file (Closes: #732652)
  * [b64ccac] rebuild patch queue from patch-queue branch
    added patches:
    - porting-powerpcspe/FTBFS-Altivec-is-not-available-on-powerpcspe.patch
    (Closes: #734859)

  [ Carsten Schoenert ]
  * [aa4f5b1] thunderbird.install.in: shipping all files in /u/l/i/components
    (Closes: #737811)
  * [3bf4738] debian/rules: fix *.js file-permissions for iceowl-extension
  * [50ab7a5] debian/rules: remove -Wl,--as-needed linker option
    (Closes: #732652, #730450, #724688)

 -- Christoph Goehre <email address hidden>  Sun, 09 Mar 2014 15:33:05 -0400

icedove (17.0.10-1) unstable; urgency=low


  [ Christoph Goehre ]
  * [6f2593b] Imported Upstream version 17.0.10

  [ Carsten Schoenert ]
  * [2f1ee4f] debian/copyright: correcting wrong comma usage
  * [2a86740] debian/copyright: adjusting copyright infos
  * [c99ec66] debian/copyright: correcting various lintian warning
  * [114c9ec] debian/control: expanding icedove-dev dependency on python
  * [1643ba3] debian/control: adding a more specific description for
    iceowl-extension and google-cal-prov

 -- Christoph Goehre <email address hidden>  Sun, 03 Nov 2013 17:31:45 -0500

icedove (17.0.9-2) unstable; urgency=low


  * [ab3a41c] rebuild patch queue from patch-queue branch
    added patches:
    - porting/Bug-898916-Properly-align-statically-allocated-class.patch
  * [c68b8b7] ia64 don't like LDFLAG --no-keep-memory

 -- Christoph Goehre <email address hidden>  Sat, 05 Oct 2013 11:50:47 -0400

icedove (10.0.12-1) unstable; urgency=high


  * [c45eb8d] New Upstream version 10.0.12
  * Fixes for MFSA-2013-{01,02,04,05,09,11,12,15-17,20}, also known as
    CVE-2013-0769, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767,
    CVE-2013-0759, CVE-2013-0744, CVE-2013-0746, CVE-2013-0748,
    CVE-2013-0750, CVE-2013-0758, CVE-2013-0753, CVE-2013-0754,
    CVE-2013-0743

 -- Christoph Goehre <email address hidden>  Tue, 15 Jan 2013 18:33:23 -0500